53 matches found
Groupon - Shop Deals & Coupons - Customized SSL, Redefined SSL Common Names verifier, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Groupon - Shop Deals & Coupons published at the 'play' market has multiple vulnerabilities...
Groupon Merchants - Customized SSL, Redefined SSL Common Names verifier, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Groupon Merchants published at the 'play' market has multiple vulnerabilities...
Sefnit Click-Fraud Malware Related to Mevade Tor Botnet
A malware family, likely developed by the same authors who built a massive botnet recently discovered on the Tor network, has been revived with a stealthy new click-fraud scam. Microsoft reports a rash of new click-fraud activity linked to the Sefnit malware, which was thought dead and buried as ...
LivingSocial Ups its Password Encryption After Breach
The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish’s bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail...
CVE-2012-5809
The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5809
The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5809
The CVE-2012-5809 entry describes the Groupon Redemptions Android app failing to verify that the server hostname matches the CN or subjectAltName in the server’s X.509 certificate. This weakness allows MITM attackers to spoof SSL servers using an arbitrary valid certificate. The vulnerability is ...
Fake Groupon Provides Great Deal … of Malware
Sophos is warning of a fake Groupon email carrying a Trojan instead of a group discount from a friend. The email mimics the real online coupon company’s branding, but a clue that the message is not legitimate is a misspelling in the subject header: “Groupon dicount gifts.” The fake offer opens wi...
Groupon Piggyback Site Offers $500 Voucher, Charges Users for Allegedly 'Free' Trial Offers
A domain registered two days ago as groupon500.com, which claims to offer a $500 voucher toward Groupon or its primary competitor, LivingSocial, is actually registering users for ‘free’ trial offers that aren’t free at all. The best part, however, is that everything about this scam is perfectly...
Indian shopping website Groupon leaks Email/Passwords of 300,000 Users
Indian shopping website Groupon leaks Email/Passwords of 300,000 Users Groupon subsidary – Sosata.com leak the e-mail addresses and plain-text passwords for 300,000 users and also the sql file is index on Google. SoSasta.com offers its services in 11 cities - Kolkata, Hyderabad, Pune, Ahmedabad,...
Indian shopping website Groupon leaks Email/Passwords of 300,000 Users
Indian shopping website Groupon leaks Email/Passwords of 300,000 Users Groupon subsidary – Sosata.com leak the e-mail addresses and plain-text passwords for 300,000 users and also the sql file is index on Google. SoSasta.com offers its services in 11 cities - Kolkata, Hyderabad, Pune, Ahmedabad,...
Groupon India Subsidiary Database Published, 300k Affected
Groupon is calling on users of their India subsidiary, Sosasta.com, to change their passwords after the company accidentally published a database containing the usernames and passwords of some 300,000 customers, according to a report from Risky.biz. The database, including plaintext passwords and...